Jump to content
Sign in to follow this  
ofLight

GameGuard Bypass

Recommended Posts

ofLight

Several people have asked me for an example of howto use Pixelchecksum on a GameGuard protected game without having to run it in a VM. Although I stand by my Opinion that running these games in a VM is the easyer and much more effecient way to go, the following methode doesnt require any external software.

This code was ripped from my 2moons Mobb hunter so its VERY ugly, and I just briefly tested it to verify functionality. The main purpose is to demonstrate the Steps needed and basic components.

Note 1. This script is set to search the current active window, given the steps needed for use it is MUCH faster to specify a Smaller area within a window.

Note 2. You can also use other file formats other than BMP. I mainly use BMP because It is the most consistent, however I have also Tried jpeg successfully. Jpeg is significantly faster than BMP, but getting a valid Checksum is difficult with the Standard "PixelCheckSum".

#include<array.au3>
;#include<PixelCheckSumFindAll.au3>
#Include<GUIConstants.au3>
#include<misc.au3>
#include<string.au3>
#include<A3LScreenCap.au3>
#include<IE.au3>

Opt("PixelCoordMode", 0);1=absolute & Default, 0=relative, 2=client area   ;Set CoOrds relative to Window not screen
Opt("MouseCoordMode", 0) 

HotKeySet("`","_Go")
HotKeySet("~","_record")
HotKeySet('{esc}', '_Exit')

Local $msg = "Press Shift+tilde to Record "&@LF&"Press tilde to Find "&@LF&"info saved in NoMia.ini" 
Local $xy,$currentpixel,$FileBMP = ".\Render.bmp",$IniFile = ".\NoMIA.ini"

_initialize($IniFile)

While 1
    $xy = MouseGetPos()
    $currentpixel = PixelGetColor($xy[0],$xy[1])
    ToolTip("Pixel color = " & $currentpixel & @LF & $msg)
    Sleep(100)
WEnd

Func _Go()
    $pixel = Int(IniRead($IniFile,"Rec1","PixelColor","-1"))
    $chksum = Int(IniRead($IniFile,"Rec1","PixelCheckSum","-1"))
    $WinLoc = WinGetPos("")
    _ScreenCap_Capture($FileBMP, $WinLoc[0], $WinLoc[1],$WinLoc[0]+$WinLoc[2],$WinLoc[1]+$WinLoc[3])        ;Create Image
    _RenderImg($FileBMP, $WinLoc[0], $WinLoc[1])                                                            ;Render Image
    $WinLoc = WinGetPos(" Render VD")
    $Array = _PixelCheckSumFindAll( $pixel, $chksum, 5, 5, 5, 5, 0, 0, $WinLoc[2], $WinLoc[3])              ;Find in Image
    GUISetState(@SW_HIDE)
    For $i = 1 to $Array[0][0]                                                                              ;Demonstrate Found locations
        MouseMove($Array[$i][0],$Array[$i][1], 10)
        MouseClick("Left")
    Next
    _ArrayDisplay($Array)
EndFunc

Func _record()
    IniWrite($IniFile,"Rec1","PixelColor",$currentpixel)
    Local $chksum = PixelChecksum($xy[0]-5, $xy[1]-5, $xy[0]+5, $xy[1]+5)
    IniWrite($IniFile,"Rec1","PixelCheckSum",$chksum)
    ToolTip('          '&@CRLF&'  SAVED  '&@CRLF&'          ')
    Sleep(500)
EndFunc

Func _Exit()
    ToolTip('          '&@CRLF&'  EXITING  '&@CRLF&'          ')
    Sleep(500)
    Exit
EndFunc 

Func _initialize($IniFile)
    ;For $i = 0 to 9
        $val01 = IniRead($IniFile, "Rec1","PixelColor", -1) 
        $val02 = IniRead($IniFile, "Rec1","PixelCheckSum", -1)  
        $val03 = IniRead($IniFile, "Rec1","Left_SerchArea", -1) 
        $val04 = IniRead($IniFile, "Rec1","Top_SerchArea", -1)
        $val05 = IniRead($IniFile, "Rec1","Right_SerchArea", -1)    
        $val06 = IniRead($IniFile, "Rec1","Bottom_SerchArea", -1)       
        If $val01 = -1 then IniWrite($IniFile, "Rec1","PixelColor", "0")
        If $val02 = -1 then IniWrite($IniFile, "Rec1","PixelCheckSum", "0")     
        If $val03 = -1 then IniWrite($IniFile, "Rec1","Left_SerchArea", "0")
        If $val04 = -1 then IniWrite($IniFile, "Rec1","Top_SerchArea", "0")
        If $val05 = -1 then IniWrite($IniFile, "Rec1","Right_SerchArea", "100")
        If $val06 = -1 then IniWrite($IniFile, "Rec1","Bottom_SerchArea", "100")
    ;Next
EndFunc 

Func _RenderImg($FileBMP, $x, $y)
    $size = _ImageGetSize($FileBMP) ; 0 = width, 1 = height
    $Form1 = GUICreate(" Render VD", $size[0], $size[1], $x, $y, $WS_POPUP)
    GUICtrlCreatePic($FileBMP,0,0,$size[0],$size[1])
    GUISetState(@SW_SHOW)
EndFunc 

;===============================================================================
; Function Name:    _PixelCheckSumFindAll
; Description:      Finds all instances of Checksum within a given area and returns array with Total and all locations X and Y.
; Parameters:       $Pixel          Colour value of pixel to find (in decimal or hex).
;                   $chksum         Previously generated checksum value of the region per(PixelChecksum)
;                   $CS_l           left coordinate of rectangle. (amount to subtract)
;                   $CS_t           Top coordinate of rectangle. (amount to subtract)
;                   $CS_r           Right coordinate of rectangle. (amount to add)
;                   $CS_b           Bottom coordinate of rectangle. (amount to add)
;                   $SB_l           left coordinate of total area to search. Default is 0 (far left side of screen)
;                   $SB_t           top coordinate of total area to search. Default is 0 (top most Side of screen)
;                   $SB_r           Right coordinate of total area to search. Default is @DesktopWidth (Far Right side of screen)
;                   $SB_b           Bottom coordinate of total area to search. Default is @DesktopHeight (Bottom most side of screen)
; Syntax:           _PixelCheckSumFindAll($pixel, $chksum, $CS_l, $CS_t, $CS_r, $CS_b[, $SB_l, $SB_t, $SB_r, $SB_b])
; Author(s):        ofLight
; Returns:          $Array[0][0] = 0 on failure, $Array on success
;===============================================================================
Func _PixelCheckSumFindAll($pixel,$chksum,$CS_l,$CS_t,$CS_r,$CS_b,$SB_l=0,$SB_t=0,$SB_r=@DesktopWidth,$SB_b=@DesktopHeight)
    $SB_b_Max = $SB_b
    $SB_l_Max = $SB_l
    Dim $Array[2][2]
    $Array[0][0] = "0"
    $Count = "0"
    While 1
        $xy = PixelSearch($SB_l,$SB_t,$SB_r,$SB_b,$pixel, 0)
        If @error And $SB_b = $SB_b_Max Then
            SetError(1)
            Return $Array
        ElseIf @error Then
            $SB_t = $SB_b + 1
            $SB_b = $SB_b_Max
            $SB_l = $SB_l_Max
        ElseIf $chksum = PixelCheckSum($xy[0]-$CS_l, $xy[1]-$CS_t, $xy[0]+$CS_r, $xy[1]+$CS_B) Then 
            $Count = $Count+1
            $Array[0][0] = $Count
            ReDim $Array[$Count+1][2]
            $Array[$Count][0] = $xy[0]
            $Array[$Count][1] = $xy[1]
            $SB_t = $xy[1]
            $SB_b = $SB_t
            $SB_l = $xy[0] + 1
        Else
            $SB_t = $xy[1]
            $SB_b = $SB_t
            $SB_l = $xy[0] + 1
        EndIf
    WEnd
EndFunc

;==========================   Render Image Specific   ==========================
Func _GUICtrlCreateGIF($gif, $x = 0, $y = 0, $border = 0)
    Local $oIE, $GUIActiveX
    Local $a_sizes = _ImageGetSize($gif) ; 0 = width, 1 = height
    $oIE = ObjCreate("Shell.Explorer.2")
    $GUIActiveX = GUICtrlCreateObj($oIE, $x, $y, $a_sizes[0], $a_sizes[1])
    $oIE.navigate ("about:blank")
    While _IEPropertyGet($oIE, "busy")
        Sleep(100)
    WEnd
    $oIE.document.body.background = $gif
    $oIE.document.body.scroll = "no"
    If $border = 0 Then $oIE.document.body.style.border = "0px"
    Return $oIE
EndFunc   

Func _ImageGetSize($sFile)
    Local $sHeader = _FileReadAtOffsetHEX($sFile, 1, 24); Get header bytes
    Local $asIdent = StringSplit("FFD8 424D 89504E470D0A1A 4749463839 4749463837 4949 4D4D", " ")
    Local $anSize = ""
    For $i = 1 To $asIdent[0]
        If StringInStr($sHeader, $asIdent[$i]) = 1 Then
            Select
                Case $i = 1; JPEG
                    $anSize = _ImageGetSizeJPG($sFile)
                    ExitLoop
                Case $i = 2; BMP
                    $anSize = _ImageGetSizeSimple($sHeader, 19, 23, 0)
                    ExitLoop
            EndSelect
        EndIf
    Next
    If Not IsArray($anSize) Then SetError(1)
    Return ($anSize)
EndFunc   

Func _ImageGetSizeSimple($sHeader, $nXoff, $nYoff, $nByteOrder)
    Local $anSize[2]
    $anSize[0] = _Dec(StringMid($sHeader, $nXoff * 2 - 1, 4), $nByteOrder)
    $anSize[1] = _Dec(StringMid($sHeader, $nYoff * 2 - 1, 4), $nByteOrder)
    Return ($anSize)
EndFunc  

Func _FileReadAtOffsetHEX($sFile, $nOffset, $nBytes)
    Local $hFile = FileOpen($sFile, 0)
    Local $sTempStr = ""
    FileRead($hFile, $nOffset - 1)
    For $i = $nOffset To $nOffset + $nBytes - 1
        $sTempStr = $sTempStr & Hex(Asc(FileRead($hFile, 1)), 2)
    Next
    FileClose($hFile)
    Return ($sTempStr)
EndFunc  

Func _Dec($sHexStr, $nByteOrder)
    If $nByteOrder Then Return (Dec($sHexStr))
    Local $sTempStr = ""
    While StringLen($sHexStr) > 0
        $sTempStr = $sTempStr & StringRight($sHexStr, 2)
        $sHexStr = StringTrimRight($sHexStr, 2)
    WEnd
    Return (Dec($sTempStr))
EndFunc  

Func _ImageGetSizeJPG($sFile)
    Local $anSize[2], $sData, $sSeg, $nFileSize, $nPos = 3
    $nFileSize = FileGetSize($sFile)
    While $nPos < $nFileSize
        $sData = _FileReadAtOffsetHEX($sFile, $nPos, 4)
        If StringLeft($sData, 2) = "FF" Then; Valid segment start
            If StringInStr("C0 C2 CA C1 C3 C5 C6 C7 C9 CB CD CE CF", StringMid($sData, 3, 2)) Then; Segment with size data
                $sSeg = _FileReadAtOffsetHEX($sFile, $nPos + 5, 4)
                $anSize[1] = Dec(StringLeft($sSeg, 4))
                $anSize[0] = Dec(StringRight($sSeg, 4))
                Return ($anSize)
            Else
                $nPos = $nPos + Dec(StringRight($sData, 4)) + 2
            EndIf
        Else
            ExitLoop
        EndIf
    WEnd
    Return ("")
EndFunc

There is always a butthead in the crowd, no matter how hard one tries to keep them out.......Volly

Share this post


Link to post
Share on other sites
ofLight

Per Several Requests, I am posting this here. I will update it to my Current working version as soon as I am able to access the box that has it.

previous versions download total:25

Version 1.0.0.8

Example Use:

#include<oL.au3>

HotKeySet("`","_Find") ;Press tilde to Find All
HotKeySet("~","_Record") ;Press Shift+tilde to Record
HotKeySet('{esc}', '_Exit')

Global $currentpixel,$xy

;_PixelShow_Virtual()

While 1
    $xy = MouseGetPos()
    $currentpixel = PixelGetColor($xy[0],$xy[1])
    ToolTip("Test Waiting")
    Sleep(100)
WEnd

Func _Find()
    $Pixel = IniRead(".\Data.ini","Main","PixelColor",0)
    $chksum = IniRead(".\Data.ini","Main","PixelCheckSum",0)
    $coord = _PixelCheckSumFindAll_Virtual($Pixel, $chksum, 5, 5, 5, 5,0,0, 1680, 1050)
    If IsArray($coord) Then 
        ;_ArrayDisplay($coord)
        For $i = 1 to $coord[0][0]
            mousemove($coord[$i][0],$coord[$i][1],20)
        Next
    EndIF
EndFunc

Func _Record()
        $chksum = _PixelCheckSumRecord_Virtual($xy[0]-5, $xy[1]-5, $xy[0]+5, $xy[1]+5)
        IniWrite(".\Data.ini","Main","PixelColor",$currentpixel)
        IniWrite(".\Data.ini","Main","PixelCheckSum",$chksum)
EndFunc 

Func _Exit()
    ToolTip('          '&@CRLF&'  EXITING  '&@CRLF&'          ')
    Sleep(500)
    Exit
EndFunc
Edited by ofLight

There is always a butthead in the crowd, no matter how hard one tries to keep them out.......Volly

Share this post


Link to post
Share on other sites
WeMartiansAreFriendly

I've never heard of "gameguard" But I looked it up and It sounds pretty nasty, glad you found a way to bypass it with Autoit. Although I wont find much use out of since I play simple freeware games :)

Edited by mrRevoked

Don't bother, It's inside your monitor!------GUISetOnEvent should behave more like HotKeySet()

Share this post


Link to post
Share on other sites
BillLuvsU

Good stuff mate! *implements into Gunbound Aimbot* LETS ROLL! And please explain to me what you mean by running it in a virtual machine?

Edit: Also if you have a technique for bypassing the Send command, I will love you forever. =]

Edited by fear1313

[center][/center]Working on the next big thing.Currently Playing: Halo 4, League of LegendsXBL GT: iRememberYhslaw

Share this post


Link to post
Share on other sites
ofLight

@fear1313 thanks for the comments Fear. Up until this current build, to bypass gameguard I would simple use VMWare to run the Game. I would then run my script on the hostbox. Which allowed me to use Pixel recognition commands on Any game because they wouldn't be reading the Pixels directly from the game but would be reading them from VMware. However useing PaulIA's partial screencap function as a method of quickly Rendering an image and then Reading it with Pixelsearch, this is no longer necessary.

I have never seen the need to Bypass the Send command in ANY game. Usually if you have a program that is not responding to sends its a simple matter of increasing the Key down delay to something greater than the default.

Opt("SendKeyDownDelay",20)

There is always a butthead in the crowd, no matter how hard one tries to keep them out.......Volly

Share this post


Link to post
Share on other sites
BillLuvsU

Really? I thought GG blocked key press simulation requests to user32.dll, or whatever. IDK, been a while since my "hacking" days. =]


[center][/center]Working on the next big thing.Currently Playing: Halo 4, League of LegendsXBL GT: iRememberYhslaw

Share this post


Link to post
Share on other sites
DesireDenied

Several people have asked me for an example of howto use Pixelchecksum on a GameGuard protected game without having to run it in a VM. Although I stand by my Opinion that running these games in a VM is the easyer and much more effecient way to go, the following methode doesnt require any external software.

would you explain this idea?

i mean, is there any way how to launch/run a game with out VM Station?

Edited by DesireDenied

Share this post


Link to post
Share on other sites
ofLight

would you explain this idea?

i mean, is there any way how to launch/run a game with out VM Station?

ok Desire I posted an updated version of ol.au3 and an example use above. Simply start your game, then run the Example and you will be able to record and then find checksums directly from the game, no need for VMWare anymore.

Really? I thought GG blocked key press simulation requests to user32.dll, or whatever.

The Newest game I am aware of that uses GG is 2moons and it responds to Sends and Mouseclicks with no issues. As well as all previous games I have tested. Edited by ofLight

There is always a butthead in the crowd, no matter how hard one tries to keep them out.......Volly

Share this post


Link to post
Share on other sites
Manalessar

ok Desire I posted an updated version of ol.au3 and an example use above. Simply start your game, then run the Example and you will be able to record and then find checksums directly from the game, no need for VMWare anymore.

The Newest game I am aware of that uses GG is 2moons and it responds to Sends and Mouseclicks with no issues. As well as all previous games I have tested.

Hmm i run your example and it works(i downloaded older client to install librarys needed in that script). But i dont know how to send a key for ex. "C" to the game? Where i must put send command? Do i need to record(tilda or shift tilda??) and then do smth? Ill be thankfull for fast answer

Share this post


Link to post
Share on other sites
ofLight

Hmm i run your example and it works(i downloaded older client to install librarys needed in that script). But i dont know how to send a key for ex. "C" to the game? Where i must put send command? Do i need to record(tilda or shift tilda??) and then do smth? Ill be thankfull for fast answer

Hay Manalessar, Sorry for the delayed response, I dont usually check the forums during the weekend.

I am not sure I understand your question, but the above script is not meant to be a stand alone "bot", it is meant to show you an easy way to implement the functionality within your own script. If you have a script you are having trouble incorporating oL.au3 into, post it here and I will do my best to help.


There is always a butthead in the crowd, no matter how hard one tries to keep them out.......Volly

Share this post


Link to post
Share on other sites
DesireDenied

I have never seen the need to Bypass the Send command in ANY game. Usually if you have a program that is not responding to sends its a simple matter of increasing the Key down delay to something greater than the default.

lil of topic from my side but SOMEHOW increasing opt KeyDownDelay doesn't work for me in ANY game i've tested today.

(KalOnline - HackShield)

(SilkRoad - GameGuard)

(2Moons - GameGuard)

strange thing imho :)


Share this post


Link to post
Share on other sites
ofLight

Im not sure about KalOnline, but I have working Scripts for both Silkroad and 2moons, so I am certain AutoIt basic "send("{SPACE}")" type commands work with no issues. If you will post your code maybe we can Narrow down the Issue. If you have doubts about weather you can get direct "sends" to work, i would suggest creating as simple a script as possible and working up from there.


There is always a butthead in the crowd, no matter how hard one tries to keep them out.......Volly

Share this post


Link to post
Share on other sites
brandonlooi

so it means it worked? :) wow thanks ! :) but how i use this lol!! XD new to autoit hehe

Share this post


Link to post
Share on other sites
Gyro

Im not sure about KalOnline, but I have working Scripts for both Silkroad and 2moons, so I am certain AutoIt basic "send("{SPACE}")" type commands work with no issues. If you will post your code maybe we can Narrow down the Issue. If you have doubts about weather you can get direct "sends" to work, i would suggest creating as simple a script as possible and working up from there.

Well as of today I think GG is blocking Send commands (at least for 2 moons). I was able to use Ctrl Send and mouse clicks just fine and they updated GG this morning and they no longer work. Any ideas on how to get around that?

Share this post


Link to post
Share on other sites
SXGuy

Gamegaurd blocks all send commands, regardless.

All api's are hooked.

However there are PostMessage work arounds :)

This isnt a bypass as such, but more of a work around.

This method takes a "snapshot" of the current screen and then uses pixelchecksum, whereas if you were to just use pixelchecksum on the current window, it would not work.

GameGaurd does nothing to stop a render of the window, which is why this is a "quick fix of sorts"

Share this post


Link to post
Share on other sites
Richard Robertson

GameGuard is rather advanced. There is one failsafe workaround that I have discovered though. Don't bother asking me for it, I'm just saying that it is there.

Share this post


Link to post
Share on other sites
AgentSmith15

You can still send keys to games protected with GG.

*Hint* Use On-Screen Keyboard and AutoIt

Question, does anyone know if GG blocks all API calls or just calls that interfere with the game. A user in the AHK forums found a way to bypass GG when he sets the OSK to "Hover to select".

Edited by AgentSmith15

Share this post


Link to post
Share on other sites
ofLight

Hay Agentsmith,

Can I get alittle more info on what onscreen keyboard you have used? are you useing the Default Windows? and if so what version of windows? or are you useing some other software?

Thanks


There is always a butthead in the crowd, no matter how hard one tries to keep them out.......Volly

Share this post


Link to post
Share on other sites
BillLuvsU

OMG, thats genius in it's simplicity! Why did I never think of this? But wait, GG hooks all API calls, so won't any attempt to manipulate the keyboard be blocked as well? o_0 Anyways, has this pixel function been patched yet? If not I'll make a quick "proof of concept" bot. And to say GG is "fairly" advanced is the understatment of the year. This thing is the Jane of the software industry. (Ender's Game reference)


[center][/center]Working on the next big thing.Currently Playing: Halo 4, League of LegendsXBL GT: iRememberYhslaw

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.